MediaWiki

Presentation

MediaWiki is a wiki software, used by the well known Wikipedia.

Several extensions allows to configure SSO on MediaWiki: We will explain how to use the latest: HttpAuth.

Integration with LemonLDAP::NG

Install extension on MediaWiki

The extension is presented here: http://www.mediawiki.org/wiki/Extension:HttpAuth

You can download the code here: http://github.com/oremj/mediawiki-http-auth/downloads

You have to install HttpAuthPlugin.php in the extensions/ directory of your MediaWiki installation, and then edit LocalSettings.php:

session_start();
$_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
if ((!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['REMOTE_USER'])) || $_COOKIE[$wgDBserver . 'UserID']) {
        require_once("$IP/extensions/HttpAuthPlugin.php");
        $wgAuth = new HttpAuthPlugin();
        $wgHooks['AutoAuthenticate'][] = array($wgAuth,'autoAuthenticate');
}

Configure LemonLDAP::NG

Declare a VirtualHost in Apache for MediaWiki and active SSO, for example:

<VirtualHost *>
    ServerName mediawiki.example.com

# SSO protection PerlHeaderParserHandler My::Package

# DocumentRoot DocumentRoot /var/www/html/mediawiki/ DirectoryIndex index.php

LogLevel warn ErrorLog /var/log/httpd/mediawiki-error.log CustomLog /var/log/httpd/mediawiki-access.log combined </VirtualHost>

Then add this host in LemonLDAP::NG Manager.

If you are using LemonLDAP::NG as proxy, you can use this in your MediaWiki Apache configuration:

SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1


You can also catch the logout page with this rule:

Userlogout => logout_app_sso